AI-powered system for creating structured, balanced performance reviews, self-assessments, 360° feedback, and calibration notes across review cycles.
Security Analysis
High confidence: The skill is an instruction-only performance-review template pack that matches its description and requests no credentials or installs; the primary risk is handling sensitive HR data at runtime, not incoherence in the package itself.
Name and description match the SKILL.md and README content: templates, frameworks, and prompts for self-assessments, manager reviews, 360° feedback, calibration, and development plans. The skill requests no unrelated binaries, env vars, or config paths.
SKILL.md contains templates, frameworks, prompts, and checklists only — no shell commands, file reads, or explicit network endpoints. However the content is designed to collect and synthesize 360° feedback and calibration data (sensitive employee information). The instructions do not specify how to collect/store that data or what external endpoints to use, so actual data flow depends on the agent's integrations/permissions at runtime.
No install specification and no code files — instruction-only. Nothing is written to disk or downloaded by the skill itself, which minimizes technical attack surface.
The skill declares no required environment variables, credentials, or config paths. There are no disproportionate secret requests relative to the stated HR review functionality.
always is false and the skill uses normal autonomous-invocation defaults. It does not request persistent system-wide changes or access to other skills' configs.
Guidance
This skill is coherent and low-risk from a package/installation standpoint because it's instruction-only and asks for no credentials. The main concern is sensitive HR data: do not feed real PII, salaries, or confidential performance details into the skill unless you verify which integrations the agent will use (email, Slack, HRIS, storage) and you trust those connections and retention policies. Test with dummy data first, limit the agent's permissions (sandbox/email drafts rather than sending), review any external links or paid add-ons before sharing data, and ensure compliance with your company's privacy and HR policies.
Latest Release
v1.1.0
Expanded OBSERVE framework, calibration bias checklist, delivery conversation scripts, legal compliance section
Published by @1kalin on ClawHub